Dr.Web virus classification

"HLL." (High-Level Language): Viruses written in high-level programming languages (such as C, C++, Pascal, Basic, etc.). In some cases the code of the compiled HLL viruses is packed with different compression utilities (PKLITE, LZEXE, DIET, etc.).

There are several classes of HLL-viruses:

"HLLC." (High-Level Language Companion): Viruses that employ an infection algorithm based on the manipulation of filenames in the file system. Generally the HLLC virus renames the original executable file (or moves it to another folder) and then uses the original executable filename to create a copy of the virus in its place.

"HLLO." (High-Level Language Overwriting): Viruses that overwrite the data of the affected file.

These viruses are written in different script languages. As a rule, VBS-, JS- and WScript- viruses are worms that use email services to spread.

"VBS." - viruses are written in Visual Basic Script language;

"JS." - viruses are written in Java Script language;

"WScript." - VBS- and/or JS- worms are often embedded in HTML-files.

"BAT." - viruses are written in MS-DOS command interpreter language

Other

"IRC." - worms spreading via Internet Relayed Chat channels.

We also use such postfixes

".generator" - specifies the so called "Virus constructor" programs themselves.

".based" - this suffix means that the virus was generated by specified virus constructor program or that the virus was designed as a generic modification of specified "basic" virus code.

".dropper" - it is a common name for "installator" of a specified virus. This is not a virus, but when this "dropper" is run, it produces a virus and installs it into the operating system (into executable file, document, boot sector, etc).

Viruses wriiten for different operating systems and platforms

"Win." - infects Windows 16-bit executable programs (NE). NE - NewExe - Windows 3.xx executable files format. Some of these viruses can work not only in Windows'3.xx environment but in Win'95/98/NT too.

"Win95." - infects Windows 32-bit executables (PE and LE(VxD)) and works only in Windows 95/98 environment